ivanti endpoint_manager CVE Vulnerabilities (116)

CVEs: 116 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting ivanti endpoint_manager (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 120 of 116 CVEs
«« First « Prev Page 1 / 6 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2026-8111 SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 8.8 0.86% 2026-05-12 2026-06-17
CVE-2026-8110 Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 7.8 0.24% 2026-05-12 2026-06-17
CVE-2026-8109 An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 6.5 0.70% 2026-05-12 2026-06-17
CVE-2026-1603 KEV An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 8.6 81.09% 2026-02-10 2026-06-17
CVE-2026-1602 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 6.5 0.69% 2026-02-10 2026-06-17
CVE-2025-13662 Improper verification of cryptographic signatures in the patch management component of Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary code. User Interaction is required. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 7.8 0.47% 2025-12-09 2026-06-17
CVE-2025-13661 Path traversal in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote authenticated attacker to write arbitrary files outside of the intended directory. User interaction is required. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 7.1 1.13% 2025-12-09 2026-06-17
CVE-2025-13659 Improper control of dynamically managed code resources in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote, unauthenticated attacker to write arbitrary files on the server, potentially leading to remote code execution. User interaction is required. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 8.8 1.62% 2025-12-09 2026-06-17
CVE-2025-10573 Stored XSS in Ivanti Endpoint Manager prior to version 2024 SU4 SR1 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the context of an administrator session. User interaction is required. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 9.6 29.49% 2025-12-09 2026-06-17
CVE-2025-10918 Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 7.1 0.21% 2025-11-11 2026-06-17
CVE-2025-62392 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 6.5 0.75% 2025-10-13 2026-06-17
CVE-2025-62391 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 6.5 0.75% 2025-10-13 2026-06-17
CVE-2025-62390 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 6.5 1.58% 2025-10-13 2026-06-17
CVE-2025-62389 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 6.5 1.58% 2025-10-13 2026-06-17
CVE-2025-62388 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 6.5 0.75% 2025-10-13 2026-06-17
CVE-2025-62387 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 6.5 1.58% 2025-10-13 2026-06-17
CVE-2025-62386 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 6.5 0.75% 2025-10-13 2026-06-17
CVE-2025-62385 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 6.5 0.75% 2025-10-13 2026-06-17
CVE-2025-62384 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 6.5 0.76% 2025-10-13 2026-06-17
CVE-2025-62383 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. 3c1d8aa1-5a33-4ea4-8992-aadd6440af75 6.5 0.76% 2025-10-13 2026-06-17
«« First « Prev Page 1 / 6 Next »
cvelogic Threat Intelligence